Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 14:47 UTC

General

  • Target
    ecd001aeb6bcbafb3e2fda74d76eea3c0ddad4e6e7ff1f43cd7709d4b4580261.exe
  • Size
    448KB
  • MD5
    76ba5272a17fdab7521ea21a57d23591
  • SHA1
    6b831413932a394bd9fb25e2bbdc06533821378c
  • SHA256
    ecd001aeb6bcbafb3e2fda74d76eea3c0ddad4e6e7ff1f43cd7709d4b4580261
  • SHA512
    61dbf7fc1e2e5030a9c868edef37d9bd2a9e0ae96de87087929dce451e49df283089906c1fee619a7a53762f6d85f2802364a0ce0aa90d8cfc2153d79596075e
  • SSDEEP
    6144:d9eE+BSAOxVxkRqEavXcboOGQoEZu77RaXZDs0DZ186LxSp6TyD61:CEPxxVxkRqdvOiQTA2Ds0N1XLxSOyu

Malware Config

Signatures

  • Detect WinDealer information stealer (4 IoCs)
  • WinDealer
    WinDealer is an info stealer used by the LuoYu group.
  • Checks processor information in registry (2 TTPs, 2 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecd001aeb6bcbafb3e2fda74d76eea3c0ddad4e6e7ff1f43cd7709d4b4580261.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ecd001aeb6bcbafb3e2fda74d76eea3c0ddad4e6e7ff1f43cd7709d4b4580261.exe"
    PID: 1712
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx

Network

    No results found
  • 221.195.68.71:6999
    Process: ecd001aeb6bcbafb3e2fda74d76eea3c0ddad4e6e7ff1f43cd7709d4b4580261.exe
    Transferred: 172 B
    Count: 1

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1712-0-0x0000000010000000-0x000000001003B000-memory.dmp
    Filesize: 236KB
  • memory/1712-7-0x0000000010000000-0x000000001003B000-memory.dmp
    Filesize: 236KB
  • memory/1712-6-0x0000000010000000-0x000000001003B000-memory.dmp
    Filesize: 236KB
  • memory/1712-5-0x0000000010000000-0x000000001003B000-memory.dmp
    Filesize: 236KB
